mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git
synced 2026-01-14 16:00:18 +01:00
0024cef238
The BPF filter takes the byte containing IP Flags and performs a
bitwise AND with "ntohs(IP_MF | IP_OFFMASK)".
On little-endian architectures the IP_MF flag (0x20) is ANDed with
0xFF3F and so the presence of the flag is correctly detected ignoring
other flags as IP_DF (0x40) or IP_RF (0x80).
On big-endian, "ntohs(IP_MF | IP_OFFMASK)" is 0x3FFF and so the filter
wrongly checks the presence of *any* flags. Therefore, a packet with
the DF flag set is dropped.
Instead, take the two bytes containing flags and offset:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| IHL |Type of Service| Total Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification |Flags| Fragment Offset |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
and verify that IP_MF and the offset are zero.
Fixes:
|
||
|---|---|---|
| .. | ||
| util | ||
| libndhcp4.sym | ||
| meson.build | ||
| n-dhcp4-c-connection.c | ||
| n-dhcp4-c-lease.c | ||
| n-dhcp4-c-probe.c | ||
| n-dhcp4-client.c | ||
| n-dhcp4-incoming.c | ||
| n-dhcp4-outgoing.c | ||
| n-dhcp4-private.h | ||
| n-dhcp4-s-connection.c | ||
| n-dhcp4-s-lease.c | ||
| n-dhcp4-server.c | ||
| n-dhcp4-socket.c | ||
| n-dhcp4.h | ||
| test-api.c | ||
| test-connection.c | ||
| test-message.c | ||
| test-run-client.c | ||
| test-socket.c | ||
| test.h | ||